Summary of My Past Research

When doing reappointment and promotion packages for faculty, you're expected to submit a summary of your research and accomplishments. Since I'm a full professor, I'm not required to do this anymore, but I thought it would still be a useful exercise, partly to help me reflect on my work but also to share with the world what I felt were some of my key accomplishments. So here are some highlights of my research and teaching over the past twenty years. ____________________ Pioneered research on protecting people from phishing scams . This research combined ideas from machine learning, decision sciences, learning science, and game design, and greatly expanded the field of usable privacy and security in its early days. The browser warnings in Microsoft Internet Explorer 8 were re-designed based on our research, and key ideas from our work are still present in all web browser warnings today. Our work detecting phishing web pages is one of the earliest and perhaps most cited pap

Questions for Privacy Risk Modeling

In 2004, my colleagues and I published a paper called  Privacy risk models for designing privacy-sensitive ubiquitous computing systems . This paper posed a series of questions about user interface design, system design, and organizational issues that one should consider with respect to privacy when designing new ubicomp systems. In a recently published chapter in the book  Mobile Sensing in Psychology: Methods and Applications , I offer an updated version of these questions, shared below. Design Issues  • What kinds of personal information are sensed or gathered (e.g., name, email)? • How sensitive is the data? If leaked, can the data be easily linked to a specific individual? • Is there a clear value proposition for end users for sharing their personal data? Is this value proposition clear to end users? • Does this data collection match people’s expectations about the app? For example, it makes sense for a sleep monitor to use a microphone but perhaps not for a food diary app. • F

SCGSSM 2023 Commencement Address

I had the honor of being the 2023 commencement speaker for my old high school, the South Carolina Governor's School for Science and Math . It was especially good timing, since it's been 30 years since I graduated high school, so my friends and I organized a 30 year reunion at the same time.  Here's a link to a video of my speech . Here's a link to my speaking notes . I used a table with alternating colors to make it easier to follow where I was. I had several students thank me for the speech, especially the parts about handling failure and about not always listening to your parents. Yeah, I know that second one is going to bite me in the future, but now is now and I'll enjoy time with my kids in the meanwhile. --------- Thank you for the kind introduction. As you just heard, I'm a professor of computer science at Carnegie Mellon University. Now, inviting a professor to speak is a dangerous proposition, because as you may know, we professors have been trained t

Caret Browsing for Chrome

My young children have been fascinated by computers, and have a tendency to mash the keyboard. While this hasn't caused too many problems, it did lead to a strange case where the home, end, and arrow keys didn't work as usual in the Chrome browser. That is, instead of the down arrow key scrolling the page down, it would instead go to the next link on the page. Similarly, the end key wouldn't go to the bottom of the page, but would instead move the cursor to the end of the current line. After about an hour debugging, it turns out that this is a feature in Chrome known as Caret mode. It's an accessibility feature to help people navigate. To turn it on or off, hit F7. 

Fake Malware Warning on NYTimes web site

I just got a fake malware warning while reading an article on the New York Times web site. It also locked up my web browser too. I'm copying and pasting the text here, to help any folks who do a search on the text. There was a dangerous try to get an access to your personal logins & bank information. Luckily, your Firewall managed to block this suspicious connection. We recommend you to freeze your accounts until some measures will be taken. There is a great threat of leaking of your personal data. So you need to respond swiftly! Trojan Virus may have already hurt your hard disk and its data. That is why we are checking and verifying your system security. Do not waste your tie and consult one of our service centers or call us. Contact Microsoft Support: +1 (866) 273-6507 (TOLL-FREE). Your urgent response is needed. To deal with this problem, contact our network administrator. How can we tell this is fake?  First, I'm using the Chrome web browser, and folks from the

What are the least secure connected devices?

A journalist was asking my thoughts about the least secure connected devices out there today. Here's my response: ---------- What's insecure? Almost all of the cheaper consumer electronics available on the market today, including toys, light bulbs, weight scales, bread makers, web cams, and more. There are two major reasons. The first is that most of these are made by hardware manufacturers who have little background in software engineering best practices, let alone security. The result is common security problems, such as default passwords, no support for software updates, little or no encryption, or poor management of cloud servers. The other reason is economics. We consumers don't make purchasing decisions based on whether a device is secure or not, since we can't easily gauge the quality of security. One result is that manufacturers don't put a lot of effort into security. I research IoT security, and I basically try to avoid having any of these device

Future of Education and Training in a World of Automation

A journalist was asking me about the future of automation, especially in terms of how we (society) should change in regards to training and education of workers. Below are my responses. 1) Do you consider your courses at CMU to be training a workforce for an increasingly automated world? We don't explicitly gear our courses at CMU for training workforces. Generally, our courses are more about teaching high level concepts, methods, and skills. It's the same difference as learning how to program in Java and learning computer science with Java. The former focuses only on skills, while the latter focuses on bigger picture issues as well as the fundamentals. 2) Is the best way to train for "future jobs" truly in learning the mechanics of the machines that we rely on? Or is it perhaps better to train for truly complementary roles, human skills that a machines are far away from replicating?  (i.e. communications, design). I would say that it's mostly for compleme